Researchers have recently reported multiple vulnerabilities in the software for the Canon Medical Vitrea View tool. Exploiting the flaws could expose patients’ information and other related services to the attacker. Canon Medical patched the issues following the bug reports, compelling users to upgrade their systems to receive the fixes.
Canon Medical Vitrea View Vulnerabilities
Reportedly, researchers from Trustwave Spiderlabs discovered two different vulnerabilities in Canon Medical Vitrea View software.
As elaborated in their report, the flaws existed in the third-party software powering the Canon Medical tool that facilitates viewing medical images. Exploiting the flaws could allow an adversary to gain access to patients’ data and other Vitrea View services.
Specifically, the first issue was a reflected cross-site scripting (XSS) vulnerability in the error message. The flaw appeared as the error page at /vitrea-view/error/ reflected all input after the /error/ subdirectory to the user. While it had some minor restrictions, a geeky user could bypass them via backticks (`) and base64 encoding, and import remote codes.
The next vulnerability was also identified as a reflected XSS, however, it existed in the Vitrea View Administrative panel. Describing this vulnerability, the researchers stated,
“The search for ‘groupID’, ‘offset’, and ‘limit’ in the ‘Group and Users’ page of the administration panel all reflect their input back to the user when text is entered instead of the expected numerical inputs. Like the previous finding, the reflected input is slightly restricted, as it does not allow spaces.
Exploiting the vulnerability required an attacker to trick the target user into giving admin panel access via social engineering. An adversary could easily do that by sending a maliciously crafted link to the victim user. Then, clicking the link would give admin control to the attacker.
Upon exploiting the flaws, an attacker could view and access patients’ details, including the images and scans. Also, the adversary could access credentials for sensitive services and even modify the information according to the gained privileges.
Canon Medical Patched The Flaws
Following this discovery, Trustwave researchers responsibly disclosed the vulnerabilities to Canon Medical officials. In response, the vendors patched rolled out the patched software version 7.7.6 for their devices.
Hence now, the researchers urge the users to upgrade their systems to the latest software version to receive the patches.